DETAILED ACTION

1. Applicant's amendment filed on February 06, 2007 has been entered. Claims 1-7,
9-11 and 13-25 are pending. Claims 8 and 12 are canceled by the applicant and
claims 1-3, 7, 10, 14-16 and 21 are also amended by the applicant.

Claim Objections 

2. Claims 13 and 15 are objected to because of the following informalities: 

Claim 15 contains the phrase "The SPIP of claim 15", which is treated as typographical 
error and the correct phrase should be "The SPIP of claim 14". 
Claim 13 depends on canceled claim 12, which is treated as typographical error. 
Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-3, 7, 9-11, 13-15 and 17-22 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Hamilton (US Patent No. 7,123,974) and in view of Amara et al 
(US Pub. No. 2004/0083295). 

As per claim 1, Hamilton teaches:

a local area network; one or more programmable logic controller [Fig. 1]; and a security 
policy implementation point (SPIP) connected between the network and the one of more 
programmable logic controllers to isolate the one or more programmable logic 
controllers and associated factory machines from the network [Fig. 1, 6], the SPIP being 
configured participate in a Virtual Private Network (VPN) such that communications with 
the SPIP over the industrial network [Fig. 6, col. 9 lines 7-33]. 

Hamilton teaches the SPIP connected between the network and the one or more 
programmable logic controllers [Fig. 1, 6]. Hamilton doesn't expressively mention, the 
SPIP connected between the local area network and the one or more programmable 
logic controllers and, a VPN tunnel. 

Amara teaches the SPIP (security policy database) connected between the local area 
network and the one or more programmable logic controllers (devices - e.g. computers, 
switches, routers, servers, gateways) [Fig. 1, 2, paragraph 0032, 0034]. Further, Amara
teaches the security policy database being configured participate in a Virtual Private
Network (VPN) such that communications with the SPIP (security policy database) over
the network occur over a VPN tunnel [Fig. 1, 2, paragraph 0008, 0032, 0034].
Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Amara with Hamilton, since one would have been 
motivated to provide scalable network access system [Amara, paragraph 0006, 0007]. 

As per claim 2, the rejection of claim 1 is incorporated and Hamilton teaches the SPIP,
the programmable logic controller [Fig. 1, 6] and wherein the SPIP is logically connected
between the network and the one or more programmable logic controllers [Fig. 1, 6].
Amara teaches the SPIP (security policy database) is integrated with the programmable
logic controllers (devices - e.g. computers, switches, routers, servers, gateways) [Fig.
2] and wherein the SPIP is logically connected between the local area network and the
one or more programmable logic controllers [Fig. 1, paragraph 0032].

As per claim 3, the rejection of claim 1 is incorporated and Hamilton teaches the
network contains a plurality of programmable logic controller [Fig. 1], wherein the one or 
more programmable logic controller are subset of the plurality of programmable logic 
controllers [Fig. 1, 2] and wherein the SPIP is physically disposed between the network 
and the one or more programmable logic controllers [Fig. 1]. 

Amara teaches the SPIP is physically connected between the local area network and 
the one or more programmable logic controllers [Fig. 1, paragraph 0032]. 

As per claim 7, the rejection of claim 1 is incorporated and Hamilton teaches the SPIP is
further configured to apply policy to limit access to the programmable logic controllers to
individuals authorized to access the programmable logic controllers and to require
authentication on the SPIP before allowing control instructions to pass from the local
area network through the SPIP to the one or more programmable logic controller [Fig. 1,
6, col. 9 lines 7-33].

As per claim 9, the rejection of claim 1 is incorporated and Hamilton teaches the
industrial network is an untrusted network configured to interconnect network services 
with a plurality of SPIPs associated with factory machines, and wherein the network 
services are configured to enable operation of the factory machines to be altered 
through the industrial network [Fig. 1, 2, 6, col. 9 lines 7-33]. 

As per claim 10, the rejection of claim 1 is incorporated and Hamilton teaches the SPIP
is further configured to enable local access to the one or more programmable logic
controllers by applying a local authentication and authorization policy, to enable the
SPIP to enforce network policy in connection with attempted local access [Fig. 1, 6, col.
9 lines 7-33].

As per claim 11, the rejection of claim 10 is incorporated and Hamilton teaches
a local access policy configured to require authentication and authorization of at least
one of an user and an accessing electronic device for non-emergency attempts to
access the SPIP, and an alternate access policy configured to allow access to the SPIP
and maintain an audit log attendant to a local attempt to access the SPIP [Fig. 1, 6, col.
9 lines 7-33].



As per claim 13, the rejection of claim 11 is incorporated and Hamilton teaches the
SPIP comprises a local authentication policy and information associated with authorized
users and indicative of authorization policy information associated with said at least one
factory machine [Fig. 1, 6, col. 9 lines 7-33].

Amara teaches the local authentication policy and information associated with 
authorized users and devices [Fig. 6, 8, paragraph 0025, 0027]. 

As per claim 14, Hamilton teaches:

a local path configured to implement a local access policy related to direct local access
to one or more programmable logic controllers [Fig. 1, 2, 6, col. 9 lines 7-33]; and
a network path connected between the industrial network and the one or more 
programmable logic controllers to control access to the programmable logic controller 
via the industrial network [Fig. 1, 2, 6, col. 9 lines 7-33], the network path being 
configured to isolate the one or more programmable logic controllers and associated 
factory machines from the industrial network by participation in a Virtual Private Network 
such that communications with the SPIP over the industrial network utilize the Virtual 
Private Networks [Fig. 1, 2, 6, col. 9 lines 7-33].

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Amara with Hamilton, since one would have been 
motivated to provide scalable network access system [Amara, paragraph 0006, 0007]. 



As per claim 15, the rejection of claim 14 is incorporated and Hamilton teaches
programmable logic controller circuitry configured to implement the one or more
programmable logic controllers and to function to control at least one factory machine
[Fig. 1, 2].

As per claim 17, the rejection of claim 16 is incorporated and Hamilton teaches the local
path further comprises an accounting module configured to record accesses to at least 
one of the SPIP, an associated programmable logic controller, and an associated 
factory machine [Fig. 1, 4, 5, 7]. 

As per claim 18, the rejection of claim 15 is incorporated and Hamilton teaches the local
path comprises an authentication module configured to authenticate the identity of an
individual seeking to access a device through the SPIP, and an authorization module
configured to assess an authorization associated with the individual to ascertain
whether the individual is authorized to access the device [Fig. 1, 6, col. 9 lines 7-33].

As per claim 19, the rejection of claim 18 is incorporated and Hamilton teaches the
authentication module and the authorization module [col. 9 lines 17-24]. 
Amara teaches interface to a Remote Access Dial In User Service (RADIUS) server 
[paragraph 0040]. Further, Amara teaches authentication and authorization mechanism 
utilize other remote access software product (e.g. RADIUS, DIAMETER, LDAP, etc.) 
[paragraph 0040, 0042]. 

As per claim 20, the rejection of claim 18 is incorporated and Hamilton teaches the
authentication and authorization modules maintain a local copy of authorized users and 
authentication policy to allow local access to the SPIP [col. 9 lines 24-29]. 
Amara teaches maintain a local copy of authorized users and authentication policy 
[paragraph 0046, 0047, 0027]. 

As per claim 21, the rejection of claim 15 is incorporated and Hamilton teaches the
SPIP is configured to apply policy to limit access to the programmable logic controllers 
to individuals authorized to access the programmable logic controllers and to require 
authentication on the SPIP before allowing control instructions to pass from the 
industrial network through the SPIP to the one or more programmable logic controllers 
[Fig. 1, 2, 6, col. 9 lines 7-33]. 

As per claim 22, the rejection of claim 15 is incorporated and Hamilton teaches network
ports configured to interface with the industrial network, and output ports configured to 
interface with a programmable logic controller [Fig. 1, 2]. 

4. Claims 4-6 and 23-25 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Hamilton (US Patent No. 7,123,974) in view of Amara et al (US Pub. No. 
2004/0083295) and in view of Danner et al (US Patent No. 7,194,003). 

As per claim 4, the rejection of claim 3 is incorporated and Hamilton teaches the local
area network is an Ethernet network, wherein the SPIP is configured to communicate
with network devices on the local area network over the Ethernet network [Fig. 1, 2, col.
5 lines 55-60].

Danner teaches the switch is configured to communicate with the programmable logic
controller using a protocol selected from at least one of Profibus, Controller Area 
Network, RS-232, RS-422, and RS-485 [col. 7 lines 1-9]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Danner with Hamilton and Amara, since one would 
have been motivated to provide scalable network access system [Amara, paragraph 
0006, 0007]. 

As per claim 5, the rejection of claim 1 is incorporated and Hamilton teaches the SPIP is
included as blade in the network device [Fig. 6].

Danner teaches the local area network includes at least one Ethernet switch/router [Fig.
3].

As per claim 6, the rejection of claim 1 is incorporated and Hamilton teaches the SPIP is
configured to implement security policy to control network access to at least one PLC 
through the SPIP [Fig. 1, 6, col. 9 lines 7-33]. Danner teaches at least one PLC 
connected to the Ethernet switch/router [Fig. 3]. 

As per claim 23, the rejection of claim 22 is incorporated and Hamilton teaches
communication with the industrial control components and with remote devices as
shown in Fig. 1, 2.

Danner teaches communicate on the industrial network utilizing an Ethernet protocol
[col. 7 lines 17-39] and communicate with the programmable logic controller using a
protocol understandable by the programmable logic controller [col. 7 lines 1-9].

As per claim 24, the rejection of claim 15 is incorporated and Danner teaches network
ports configured to interface with the industrial network, control logic configured to 
implement a control program associated with a programmable logic controller, and 
interface ports configured to interface with a factory machine [Fig. 3, col. 6 lines 4-47]. 

As per claim 25, the rejection of claim 24 is incorporated and Danner teaches the
interface ports comprise at least one input port configured to receive input from an
environmental sensor, and at least one output port configured to control at least one
electro-mechanical device [Fig. 3, col. 6 lines 4-47, 60-67, col. 7 lines 10-39].

5. Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over Hamilton 
(US Patent No. 7,123,974) in view of Amara et al (US Pub. No. 2004/0083295) and in 
view of Schmitz et al (US Patent No. 6,172,430). 

As per claim 16, the rejection of claim 15 is incorporated and Hamilton teaches the local
access policy for enabling access to the factory machine based on the authentication 
and authorization process associated with a user [col. 9 lines 7-24]. Hamilton doesn't 
expressively mention to enable operation of the factory machine to be altered without 
verification of authorization and authentication of a user during an emergency. 
Schmitz teaches: enable operation of the factory machine to be altered without 
verification of authorization and authentication of a user during an emergency [col. 5 
lines 7-10]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Schmitz with Hamilton and Amara, since one would 
have been motivated to prevent the hazardous condition. 



Response to Amendment 



6. Applicant has amended claims 1-3, 7, 10, 14-16 and 21 which necessitated new
ground of rejection. See rejection above. 

Conclusion



7. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nirav Patel whose telephone number is 571-272-5936. If 
attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax and phone numbers for 
the organization where this application or proceeding is assigned is 571-273-8300. Any 
inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 571-272-2100. 